The corridors of Black Hat 2025 in Las Vegas buzzed with conversations about AI and emerging threats, but one of the most compelling discussions centered on something decidedly human: how we actually manage our cybersecurity teams. Marco Ciappelli, Co-Founder and CMO of ITSPmagazine, connected with longtime industry colleague Deidre Diamond, who brought along Carraig Stanwyck—a seasoned cybersecurity leader who recently transitioned from Fortune 200 CISO to CEO.
Marco Ciappelli of ITSPmagazine explores cybersecurity workforce transformation with CyberSN's Deidre Diamond and Fortune 200 CISO-turned-CEO Carraig Stanwyck
The corridors of Black Hat 2025 in Las Vegas buzzed with conversations about AI and emerging threats, but one of the most compelling discussions centered on something decidedly human: how we actually manage our cybersecurity teams. Marco Ciappelli, Co-Founder and CMO of ITSPmagazine, connected with longtime industry colleague Deidre Diamond, who brought along Carraig Stanwyck—a seasoned cybersecurity leader who recently transitioned from Fortune 200 CISO to CEO.
"It's been great running into people I know here at Black Hat," Ciappelli noted, "but finding Deidre after 11 years—and meeting the people she's been working with—that's what these events are really about. Finding out what's happening in the industry and reconnecting."
Diamond, who has spent 11 years in cybersecurity with eight years focused on talent matching and three years developing workforce risk management practices at CyberSN, brought a unique perspective to the conversation. Her journey from building a cyber taxonomy and job matching solution to addressing the industry's critical workforce challenges—retention, burnout, capability gaps, and career planning—set the stage for understanding how one Fortune 200 CISO discovered the limitations of traditional workforce management.
The Excel Trap: When Good Intentions Meet Reality
When Stanwyck thought he had workforce management figured out, he was using Excel spreadsheets and conducting regular happiness surveys with his cybersecurity team. As someone who started his career in human intelligence and carried that people-focused approach through government, startups, and enterprise organizations, he believed he was ahead of the curve.
"I thought I already had a solution," Stanwyck reflects. "I was already meeting with my people, doing specific surveys to track happiness and belonging because I wanted to catch issues early. You get your team right, and you can do anything."
But when he met Deidre Diamond from CyberSN at RSA two years ago, his confidence was quickly shaken. "She was talking about workforce risk management, and I was like, 'Well, yeah, I do that. I'm all set. I'm covered.'" Diamond's response was simple: "Show me how you visualize the data you use."
That's when Stanwyck discovered the limitations of his Excel-based approach—old data, time-intensive processes, and a fundamental lack of real-time visibility into how his team actually functioned.
Beyond Job Titles: The Hidden Workforce Reality
What CyberSN's platform revealed transformed Stanwyck's understanding of his own team. "You can re-interview your people like a recorder," he explains. "You can see that someone you hired as an analyst is doing all this engineering work—maybe they're better on the engineering team."
The platform provided something Stanwyck had never experienced: quantitative visibility into how his team's time was actually being spent. "It gave me a level of visibility in the team, what they were doing, and how their time was being spent at a quantitative level that there's no way for me to replicate manually."
Even more revealing was the discovery that job descriptions become obsolete almost immediately. "The job description of our talent is old within weeks and within months from the day it's created—if it was even created correctly at all," Diamond noted during the conversation.
The Fulfillment Factor: Beyond Happiness to Purpose
While Stanwyck's happiness surveys captured surface-level satisfaction, CyberSN's approach dug into something more fundamental. "HappinessHappy is important, but one that feels fulfilled—that they have a purpose—that's the key," Stanwyck emphasizes.
The platform's approach to understanding team members went beyond traditional metrics. "When you know where they want to go, how they feel about the team, you get all this extra data," Stanwyck explains. "Your ability to craft development plans, to help them move through different parts of the team, to help with career planning—it becomes so nailed that they can't help but see their way forward."
The impact was immediate and lasting. When Stanwyck transitioned to his CEO role, his team specifically requested that the organization renew their CyberSN contract. "These teammates feel like, wow, they're investing in understanding me more and planning more. It just adds to professional efficacy."
From Reactive to Strategic: The Business Case Revolution
Perhaps the most significant transformation was in business communication. Every cybersecurity leader knows the refrain: "We don't have enough people." But quantifying that gap had always been nearly impossible.
"How do you show the gaps and how you're not able to meet specific capability requirements?" Stanwyck asks. "It's really hard using the lack of tools you have right now—it's very subjective."
CyberSN's dual visualization capability became a game-changer. "You can see the whole org chart from people—what they're doing. But you can also flip it and see that same org chart from a capabilities perspective," Stanwyck describes. "Here's all the capabilities we need. How are they staffed? What are we missing? How do we plan for the future as we grow?"
This visibility transformed conversations with executive leadership. "It's easier to get budgets, easier to make a business case for where you're going as you grow," Stanwyck notes. "CIOs, CFOs, CEOs can now understand what the security leader is dealing with in a way that's logical, not just a spreadsheet."
The Multi-Tool Discovery
The platform revealed something crucial about modern cybersecurity teams: people are multi-tools, not single-purpose instruments. "You hire somebody because they do X or Y—that's the assumption," Stanwyck explains. "But when you get to know them better through the taxonomies, when you figure out what they end up doing on the team even if it wasn't what they were hired for, you start realizing these tools are multi-tools."
This discovery enabled better strategic planning and resource allocation. "It allows you to have a much better plan for how you're gonna leverage them throughout the organization, help them upscale, identify those opportunities for them to maximize the value they're able to provide."
The Human Element in an AI-Driven World
As Black Hat 2025 showcased the latest in AI and automation, Stanwyck offered a refreshing perspective on the role of humans in cybersecurity's future. "AI technologies are really statistical models of existing information—they're not creative, they're not thinking outside the box," he observes.
Instead of replacement, Stanwyck advocates for empowerment. "I'm excited about companies that take a smarter approach—how do we empower the human? It's kind of like putting that superhero costume on rather than getting rid of them."
For cybersecurity leaders still managing teams through spreadsheets and gut feelings, this Black Hat conversation offers a clear message: true workforce visibility isn't just about knowing who works for you—it's about understanding how they work, what fulfills them, and how to strategically position your human capabilities for the challenges ahead.
CyberSN's workforce risk management platform transforms how cybersecurity leaders understand, develop, and strategically deploy their most valuable asset: their people.
Learn more about CyberSN: https://itspm.ag/cybersn-476941
Note: This story contains promotional content. Learn more.
Guests:
Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/
Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/
Resources
Learn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersn
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Keywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management
Marco Ciappelli of ITSPmagazine explores cybersecurity workforce transformation with CyberSN's Deidre Diamond and Fortune 200 CISO-turned-CEO Carraig Stanwyck
The corridors of Black Hat 2025 in Las Vegas buzzed with conversations about AI and emerging threats, but one of the most compelling discussions centered on something decidedly human: how we actually manage our cybersecurity teams. Marco Ciappelli, Co-Founder and CMO of ITSPmagazine, connected with longtime industry colleague Deidre Diamond, who brought along Carraig Stanwyck—a seasoned cybersecurity leader who recently transitioned from Fortune 200 CISO to CEO.
"It's been great running into people I know here at Black Hat," Ciappelli noted, "but finding Deidre after 11 years—and meeting the people she's been working with—that's what these events are really about. Finding out what's happening in the industry and reconnecting."
Diamond, who has spent 11 years in cybersecurity with eight years focused on talent matching and three years developing workforce risk management practices at CyberSN, brought a unique perspective to the conversation. Her journey from building a cyber taxonomy and job matching solution to addressing the industry's critical workforce challenges—retention, burnout, capability gaps, and career planning—set the stage for understanding how one Fortune 200 CISO discovered the limitations of traditional workforce management.
The Excel Trap: When Good Intentions Meet Reality
When Stanwyck thought he had workforce management figured out, he was using Excel spreadsheets and conducting regular happiness surveys with his cybersecurity team. As someone who started his career in human intelligence and carried that people-focused approach through government, startups, and enterprise organizations, he believed he was ahead of the curve.
"I thought I already had a solution," Stanwyck reflects. "I was already meeting with my people, doing specific surveys to track happiness and belonging because I wanted to catch issues early. You get your team right, and you can do anything."
But when he met Deidre Diamond from CyberSN at RSA two years ago, his confidence was quickly shaken. "She was talking about workforce risk management, and I was like, 'Well, yeah, I do that. I'm all set. I'm covered.'" Diamond's response was simple: "Show me how you visualize the data you use."
That's when Stanwyck discovered the limitations of his Excel-based approach—old data, time-intensive processes, and a fundamental lack of real-time visibility into how his team actually functioned.
Beyond Job Titles: The Hidden Workforce Reality
What CyberSN's platform revealed transformed Stanwyck's understanding of his own team. "You can re-interview your people like a recorder," he explains. "You can see that someone you hired as an analyst is doing all this engineering work—maybe they're better on the engineering team."
The platform provided something Stanwyck had never experienced: quantitative visibility into how his team's time was actually being spent. "It gave me a level of visibility in the team, what they were doing, and how their time was being spent at a quantitative level that there's no way for me to replicate manually."
Even more revealing was the discovery that job descriptions become obsolete almost immediately. "The job description of our talent is old within weeks and within months from the day it's created—if it was even created correctly at all," Diamond noted during the conversation.
The Fulfillment Factor: Beyond Happiness to Purpose
While Stanwyck's happiness surveys captured surface-level satisfaction, CyberSN's approach dug into something more fundamental. "HappinessHappy is important, but one that feels fulfilled—that they have a purpose—that's the key," Stanwyck emphasizes.
The platform's approach to understanding team members went beyond traditional metrics. "When you know where they want to go, how they feel about the team, you get all this extra data," Stanwyck explains. "Your ability to craft development plans, to help them move through different parts of the team, to help with career planning—it becomes so nailed that they can't help but see their way forward."
The impact was immediate and lasting. When Stanwyck transitioned to his CEO role, his team specifically requested that the organization renew their CyberSN contract. "These teammates feel like, wow, they're investing in understanding me more and planning more. It just adds to professional efficacy."
From Reactive to Strategic: The Business Case Revolution
Perhaps the most significant transformation was in business communication. Every cybersecurity leader knows the refrain: "We don't have enough people." But quantifying that gap had always been nearly impossible.
"How do you show the gaps and how you're not able to meet specific capability requirements?" Stanwyck asks. "It's really hard using the lack of tools you have right now—it's very subjective."
CyberSN's dual visualization capability became a game-changer. "You can see the whole org chart from people—what they're doing. But you can also flip it and see that same org chart from a capabilities perspective," Stanwyck describes. "Here's all the capabilities we need. How are they staffed? What are we missing? How do we plan for the future as we grow?"
This visibility transformed conversations with executive leadership. "It's easier to get budgets, easier to make a business case for where you're going as you grow," Stanwyck notes. "CIOs, CFOs, CEOs can now understand what the security leader is dealing with in a way that's logical, not just a spreadsheet."
The Multi-Tool Discovery
The platform revealed something crucial about modern cybersecurity teams: people are multi-tools, not single-purpose instruments. "You hire somebody because they do X or Y—that's the assumption," Stanwyck explains. "But when you get to know them better through the taxonomies, when you figure out what they end up doing on the team even if it wasn't what they were hired for, you start realizing these tools are multi-tools."
This discovery enabled better strategic planning and resource allocation. "It allows you to have a much better plan for how you're gonna leverage them throughout the organization, help them upscale, identify those opportunities for them to maximize the value they're able to provide."
The Human Element in an AI-Driven World
As Black Hat 2025 showcased the latest in AI and automation, Stanwyck offered a refreshing perspective on the role of humans in cybersecurity's future. "AI technologies are really statistical models of existing information—they're not creative, they're not thinking outside the box," he observes.
Instead of replacement, Stanwyck advocates for empowerment. "I'm excited about companies that take a smarter approach—how do we empower the human? It's kind of like putting that superhero costume on rather than getting rid of them."
For cybersecurity leaders still managing teams through spreadsheets and gut feelings, this Black Hat conversation offers a clear message: true workforce visibility isn't just about knowing who works for you—it's about understanding how they work, what fulfills them, and how to strategically position your human capabilities for the challenges ahead.
CyberSN's workforce risk management platform transforms how cybersecurity leaders understand, develop, and strategically deploy their most valuable asset: their people.
Learn more about CyberSN: https://itspm.ag/cybersn-476941
Note: This story contains promotional content. Learn more.
Guests:
Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/
Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/
Resources
Learn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersn
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Keywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management